[messaging] MITM-safe communication w/o authentication possible?

Karl gmkarl at gmail.com
Sun Nov 29 18:09:46 PST 2015

On 11/29/15, Ximin Luo <infinity0 at pwned.gg> wrote:
> On 30/11/15 00:53, Ethan Heilman wrote:
>>> No human user thinks in terms of contacting cryptographic identities.
>>> [..]
>> Am I correct in my understanding that .onion addresses work this way?
> [..]
> (To put it another way, "self-authenticating" is a joke. My GPG fingerprint
> is self-authenticating too. Just go talk to 0x1318efac5fbbdbce, it doesn't
> matter who that is in real life.... what? no takers?)

It seems reasonable to me that the important part of somebody's
identity would be their behavior rather than their body or name.  But
to use fingerprints as identifiers, you'd need a way for humans to
remember and compare them.  Some way of hashing data into something
memorable but complex enough to be collision-resistant, like a
detailed image of a computer-generated human face.

I wonder if anybody's done something like that.

More information about the Messaging mailing list